25 Questions
What is the primary function of a host-based IDPS?
To monitor the characteristics of a single host and the events occurring within that host (for example system calls, file access, logs and configuration changes) for suspicious activity
What is the typical component of most host-based IDPSs installed on the hosts of interest?
Agents
What does an agent designed to monitor a server typically monitor?
The OS and some common applications
What is an agent that monitors a single application service (such as a web server or database server program) also known as?
An application-based IDPS
Where do agents deploy to in a network architecture?
To existing hosts on the organization's networks
What do agents communicate with the management servers over in a network architecture?
The organization's existing (standard) networks, since the agents sit on hosts that are already attached to them; products that do not use a separate management network should encrypt this traffic
What is the primary difference between a host-based IDPS and a network-based IDPS?
The scope of monitoring: a host-based IDPS watches a single host from the inside, while a network-based IDPS watches traffic for many hosts on a network segment
What is the purpose of a prevention action in a host-based IDPS?
To stop suspicious activity rather than only alerting on it, for example by blocking a file write, a network connection or the execution of code
What is the primary function of a shim in a host-based IDPS?
To sit between existing layers of code, intercept data at the point where it would normally be passed from one layer to the next, analyse it, and determine whether the request should be allowed or denied
What type of architecture do host-based IDPSs use?
An agent and management server architecture: agents on the monitored hosts report to one or more management servers, which administrators reach through consoles
What is logged by host-based IDPSs?
Timestamp, event type, event details, and prevention action performed
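The shim described above, as an added example that is not part of the original quiz or of any product: a replacement for Python's built-in `open()` that intercepts each call, checks it against a constructed policy, allows or denies it, and writes a log record with the four fields listed in the previous answer (timestamp, event type, event details, prevention action). The protected paths and the sandbox directory are assumptions for illustration only.

```python
"""Added example: a minimal host-based IDPS 'shim' around open().
The policy, paths and sandbox are constructed for illustration."""
import builtins
import datetime
import os
import tempfile

# Constructed policy: paths (relative to the sandbox) that must never be opened for writing.
PROTECTED = {"etc/shadow", "etc/passwd"}

# Log records carry the four fields a host-based IDPS typically logs.
LOG = []


def _record(event_type, details, action):
    rec = {
        "timestamp": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "event_type": event_type,
        "details": details,
        "action": action,  # prevention action performed
    }
    LOG.append(rec)
    return rec


def make_shim(sandbox, real_open=builtins.open):
    """Return an open() replacement that intercepts, analyses, then allows or denies."""
    def shim(path, mode="r", *args, **kwargs):
        rel = os.path.relpath(os.fspath(path), sandbox).replace(os.sep, "/")
        wants_write = any(flag in mode for flag in "wax+")
        if wants_write and rel in PROTECTED:
            # Prevention action: deny before the real call is ever made.
            _record("file_write_attempt", f"{rel} mode={mode}", "denied")
            raise PermissionError(f"shim denied write to {rel}")
        _record("file_open", f"{rel} mode={mode}", "allowed")
        return real_open(path, mode, *args, **kwargs)
    return shim


def run_demo():
    """Install the shim, exercise one allowed and one denied call, return the actions taken."""
    LOG.clear()
    with tempfile.TemporaryDirectory() as sandbox:
        os.makedirs(os.path.join(sandbox, "etc"))
        motd = os.path.join(sandbox, "etc", "motd")
        with open(motd, "w") as fh:          # set-up, before the shim is installed
            fh.write("welcome\n")
        real_open = builtins.open
        builtins.open = make_shim(sandbox, real_open)
        try:
            with open(motd) as fh:           # allowed: read of an unprotected file
                fh.read()
            try:
                open(os.path.join(sandbox, "etc", "shadow"), "w")  # denied by policy
            except PermissionError:
                pass
        finally:
            builtins.open = real_open        # always restore the real call
    return [rec["action"] for rec in LOG]


if __name__ == "__main__":
    print(run_demo())
```

Real agents place such shims far lower (in kernel drivers or library interposition) so that they cannot be bypassed by an application that simply avoids the wrapped function; the point shown here is the intercept-analyse-decide-log sequence.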
What is an example of an event detected by host-based IDPSs?
Per NIST SP 800-94, events found through code analysis, network traffic analysis and filtering, filesystem monitoring, log analysis and network configuration monitoring (for example a protected file being modified or unexpected code being executed)
What is a limitation of host-based IDPSs?
Per NIST SP 800-94: alerts can be delayed because agents batch events to the management server; agents consume resources on the monitored host; they can conflict with existing security controls; and an attacker who compromises the host may disable or evade the agent
What is a prevention capability of host-based IDPSs?
Preventing code from being executed
Where are appliance-based agents deployed?
Inline, in front of the hosts they protect, so that they monitor the hosts' network traffic without installing software on the hosts themselves
What is a security capability of host-based IDPSs?
Logging, detection (code analysis, network traffic analysis and filtering, filesystem monitoring, log analysis, network configuration monitoring) and prevention
What is the primary purpose of Network Traffic Filtering?
To act as a host-based firewall that blocks unauthorized access to the host and enforces acceptable use policy (for example by restricting which services the host may reach)
What is the function of Filesystem Monitoring?
To detect, and where possible prevent, files being accessed, modified, replaced or deleted, typically by comparing file attributes and cryptographic checksums against a known-good baseline
What is the purpose of Removable Media Restriction?
To prevent malware from being transferred or copied to or from the host
What does Audiovisual Device Monitoring indicate?
That the host's microphone, camera or similar device has been activated or accessed, which may indicate that the host has been compromised and is being used to collect information
What is the function of Host Hardening?
To harden the host automatically on an ongoing basis, for example by detecting that a reconfiguration has disabled a security function and re-enabling it
What is the purpose of Process Status Monitoring?
To monitor the status of processes and services, including security programs such as antivirus and firewalls, and to detect or restart them when they stop unexpectedly
What is Network Traffic Sanitization used for?
To strip sensitive information from traffic before it leaves the host, for example details in web server pages or headers that would reveal the server software to an attacker
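Filesystem monitoring as listed above, as an added example that is not part of the original quiz or of any product: a baseline of SHA-256 digests is taken for a directory tree, the tree is then changed, and a second pass reports each file as modified, deleted or added, each finding carrying the timestamp, event type and details a host-based IDPS would log. The sample directory and its files are constructed inside a temporary directory for illustration.

```python
"""Added example: baseline-and-compare filesystem monitoring.
The sample tree is constructed in a temporary directory; it is not real host data."""
import datetime
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files are not held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def baseline(root):
    """Map each file path (relative to root, '/' separated) to its digest."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snapshot[rel] = hash_file(full)
    return snapshot


def check(root, base):
    """Compare the tree against a baseline and return one log record per change."""
    now = datetime.datetime.now(datetime.timezone.utc).isoformat()
    current = baseline(root)
    events = []
    for rel, digest in sorted(current.items()):
        if rel not in base:
            events.append({"timestamp": now, "event_type": "file_added",
                           "details": f"{rel} sha256={digest}", "action": "alert"})
        elif digest != base[rel]:
            # A replaced file (same name, different content) also lands here.
            events.append({"timestamp": now, "event_type": "file_modified",
                           "details": f"{rel} {base[rel][:12]}.. -> {digest[:12]}..",
                           "action": "alert"})
    for rel in sorted(set(base) - set(current)):
        events.append({"timestamp": now, "event_type": "file_deleted",
                       "details": rel, "action": "alert"})
    return events


def run_demo():
    """Build a constructed tree, baseline it, tamper with it, and summarize the findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for rel, body in (("bin/ls", b"ELF ls"), ("passwd", b"root:x:0:0"), ("motd", b"hi")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        base = baseline(root)
        # Simulated attacker activity: trojan a binary, remove a file, drop a new one.
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"ELF trojan")
        os.remove(os.path.join(root, "motd"))
        with open(os.path.join(root, "passwd~"), "wb") as fh:
            fh.write(b"backdoor:x:0:0")
        events = check(root, base)
    summary = {}
    for ev in events:
        summary.setdefault(ev["event_type"], []).append(ev["details"].split(" ")[0])
    return summary


if __name__ == "__main__":
    print(run_demo())
```

The baseline itself must be protected (stored off-host or signed), otherwise an attacker who can modify the files can also modify the record they are compared against; that is the reason agents report to a management server rather than keeping the only copy locally.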
What is unique about updating agents in host-based IDPSs?
Agents are tied to a specific operating system and version, so operating system upgrades and patches may require the agent to be updated or reinstalled, and agent updates must be tested for compatibility with the host
What is a common capability offered by most host-based IDPSs?
Management capabilities comparable to other IDPS technologies (central policy management, agent updating, event review and reporting through the management servers and consoles)
Test your understanding of host-based intrusion detection and prevention systems, including components, architecture, and capabilities. Learn about the taxonomy of anomaly detection and the management of host-based IDPSs.